Version 1

version | Version of the certificate format | V3
serial Number | Serial number of the certificate assigned by the IA | Assigned in a serial fashion
signature algorithm Identifier | Algorithm of the signature of the certificate and parameters thereof | Elliptic curve number/RSA parameters when an elliptic curve is used. Key length when RSA is employed
  algorithm
  parameters
issuer | IA name (in a distinguished name form) | Name of the present IA
validity | Period during which the certificate is valid |
  notBefore | Start date |
  notAfter | Expiration date |
subject | Name which identifies the user | User device ID or ID of the service subject
subject Public Key Info | Information of the public key of the user |
  algorithm | Algorithm of the key | Elliptic curve/RSA
  subject Public key | Key | Public key of the user

Version 3

authority Key Identifier | Key identifier used in verification of the IA |
  key Identifier | Key identification number (octal number) |
  authority Cert Issuer | Name of the IA (in a general name form) |
  authority Cert Serial Number | Identification number |
subject key Identifier | Used when a plurality of keys are certified | Not used
key usage | Specifying the purpose of the key | 0, 1, 4, or 6 is used
  (0) digital Signature | (0) for digital signature |
  (1) non Repudiation | (1) to prevent repudiation |
  (2) key Encipherment | (2) for encryption of the key |
  (3) data Encipherment | (3) for encryption of a message |
  (4) key Agreement | (4) for use in transmission of a symmetric key |
  (5) key CertSign | (5) used to verify the certificate |
  (6) cRL Sign | (6) used to verify the signature of the certificate revocation list |
private Key Usage Period | Period during which the private key stored in the user is valid | Usage period is the same for the certificate, the public key, and the private key (default)
  notBefore
  notAfter




FIG. 4 



Certificate Policy | Certificate policy of the certificate authority |
  policy Identifier | Policy ID (according to ISO/IEC9834-1) |
  policy Qualifiers | Certification criteria |
policy Mappings | Required only when the CA is certificated. Mappings of the policy of the issuer domain policy and the subject domain policy are defined | default = none
  issuer Domain Policy
  subject Domain Policy
supported Algorithms | Attributes of the directory (X.500) are defined. Used to inform a receiving party of communication of the attributes the direction so that the receiving party can use the direction information | default = none
  algorithm Identifier
  intended Usage
  intended Certificate Policies
(in the form of GN)
issuer Alt Name | Not used although this item is included in the certificate format | default = none
subject Directory Attributes | Arbitrary attributes of the user | not used
basic Constraints | Specifies the public key to be certified |
  cA | Indicates whether the public key is used by a user or by a certificate authority to write a signature | default = used by a user
  path Len Constraint
name Constraints | Used only when the certification is to certify a certification authority (CA) | default = none
  permitted Subtrees
    base
    minimum
    maximum
  excluded Subtrees
policy Constraints | Constraints are described in terms of requirements of explicit policy ID or inhibit policy mapping for the remaining certification path |
  require Explicit Policy
  inhibit Policy Mapping
CRL Distribution Points | Indicates a reference point in the revocation list at which data is present which indicates whether the certificate of a user is revoked | Pointer which points to a location where the certificate is registered. The revocation list is managed by an issuer
Signature | Signature of the issuer |
Version | Version
Serial Number | Identification Number
signature algorithm Identifier | Signature algorithm
  algorithm | Algorithm
  parameters | Parameters
Issuer | Name of the identification authority (in the form of a distinguished name)
Validity | Period during which the certificate is valid
  notBefore | Start date
  notAfter | Expiration date
Subject | Name of the subject to be certificated (in a DN form)

Extended Items

subject Template Info | Template information
  encrypt Type | encrypt Type
  encrypt Unique ID | The unique ID or the certificate number of a public key certificate used for encryption
  encryption Algorithm | Algorithm
  parameter | parameter
  validity | Validity period (start date, expiration
  subject Template Source | Type of the template
  subject Template | Template
Subject PKC info | Information about the public key certificate of the subject
  subject PKC serial Number | Certificate number of the subject public key certificate
  subject PKC Unique ID | Unique ID of the subject of the subject public key certificate
Issuer Unique ID | Unique ID of the issuer
Subject Unique ID | Unique ID of the subject
Public Key Certificate | Public key certificate
Issuer Alt Name | Alternative name of the issuer
subject Directory Attributes | Personal information (encrypted as required); information used to authenticate subject; Age, sex, etc.
Valid Count | Number of times the certificate is allowed to be used
Control Table Link Info | Link information describing group information
  Ctl Tbl Location | Location of a link information control table (URL, IP address, etc.)
  Ctl Tbl Unique ID | Identification number of the link information

Indispensable

IDA Signature | Signature of the IDA
HANDLING



THE USER SUBMITS ADDITIONAL 